RE: Digest user ACL check failing
Already did. I think it's for any znode, given the way the bug presents. https://issues.apache.org/jira/browse/ZOOKEEPER-904 I have a test and fix for this (described in the tracker), if you agree this is a bug I will attach it. C -Original Message- From: Patrick Hunt [mailto:ph...@apache.org] Sent: Wednesday, October 20, 2010 2:08 PM To: zookeeper-user@hadoop.apache.org Subject: Re: Digest user ACL check failing Sounds like it might be a bug, was this just for the root or for any znode? Please file a JIRA, thanks. Patrick On Tue, Oct 19, 2010 at 1:01 PM, Fournier, Camille F. [Tech] < camille.fourn...@gs.com> wrote: > The ZK documentation says: > New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode > hierarchy as a "super" user. In particular no ACL checking occurs for a user > authenticated as super. > > However, in some testing today I created a digest user, logged in as this > user, set the ACLs for "/" to Ids.READ_ACL_UNSAFE, and now even when I am > logged in as the superuser, I cannot actually change this ACL or write nodes > below it on the tree. So it does not actually seem to be the case that > "super" skips ACL checks. Is this a bug or a feature? > > Thanks, > Camille > > >
Re: Digest user ACL check failing
Sounds like it might be a bug, was this just for the root or for any znode? Please file a JIRA, thanks. Patrick On Tue, Oct 19, 2010 at 1:01 PM, Fournier, Camille F. [Tech] < camille.fourn...@gs.com> wrote: > The ZK documentation says: > New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode > hierarchy as a "super" user. In particular no ACL checking occurs for a user > authenticated as super. > > However, in some testing today I created a digest user, logged in as this > user, set the ACLs for "/" to Ids.READ_ACL_UNSAFE, and now even when I am > logged in as the superuser, I cannot actually change this ACL or write nodes > below it on the tree. So it does not actually seem to be the case that > "super" skips ACL checks. Is this a bug or a feature? > > Thanks, > Camille > > >
Digest user ACL check failing
The ZK documentation says: New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode hierarchy as a "super" user. In particular no ACL checking occurs for a user authenticated as super. However, in some testing today I created a digest user, logged in as this user, set the ACLs for "/" to Ids.READ_ACL_UNSAFE, and now even when I am logged in as the superuser, I cannot actually change this ACL or write nodes below it on the tree. So it does not actually seem to be the case that "super" skips ACL checks. Is this a bug or a feature? Thanks, Camille